flag{EnjoyTheFreeInvite} #TogetherWeHitHarder

Workshop "Demystifying the Server Side" slides presented at Ekoparty, Hackitvity Conf, and NoNameCon 2020 by Rajanish Pathak Rahul Maini and me. docs.google.com/presentation/d…

Good wordlists are so important when discovering content on an asset. At Assetnote, we've built a wordlists site that updates itself on a monthly basis. For added value, we've included some of our best wordlists that we've manually collected too. wordlists.assetnote.io

Recently Justin Gardner sparked a discussion about exploiting blind SSRFs. At Assetnote, we've collected some information together and have created a Glossary of Blind SSRF Chains which can be found here: blog.assetnote.io/2021/01/13/bli… - we hope people can use it as a reference!

Security researchers messaging each other after today

If you are tired of googling for #BugBounty writeups, I made a little tool that lets you search writeups easily. You can also pull the search data in JSON format if you need it. BugBountyHunting.com #cybersecurity #bugbountytips #infosec #100DaysOfCode

Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies 👇Check the thread after reading for a few bonus facts👇 medium.com/@alex.birsan/d…

github.com/GrrrDog/weird_…

We did some fun tricks with nginx on bug bounties a while back, and made a post about out the configurations being vulnerable labs.detectify.com/2021/02/18/mid…

New attacks on OAuth: SSRF by design and Session Poisoning by Michael Stepankin portswigger.net/research/hidde…

The point of a VDP program is to keep you all busy while I find bugs on companies that pay money.

say no more 😄 here is the unofficial all-time leaderboard until HackerOne brings it back. h1.bugbounty.space

Me: I can't afford sponsoring open-source projects. Also me:

HTTP/2: The Sequel is Always Worse by James Kettle portswigger.net/research/http2

For everyone that's wondering what is DNS or BGP, trust me, you don't wanna know. Enjoy your blessed life

I earned $1 for my submission on @bugcrowd bugcrowd.com/d0xing #ItTakesACrowd

Cache Poisoning at Scale: Identifying and Exploiting over 70 Cache Poisoning Vulnerabilities youst.in/posts/cache-po…

Oops.

Teamwork is key! 🤝 todayisnew d0xing #h1303

Always a mysterious character! Help us welcome d0xing to the H1-Elite! 💪